2017年11月第三周舆情周报

2017-11-17 来源:原创 作者:腾讯反病毒实验室
【文章摘要】2017年11月第三周舆情周报:安卓恶意软件,新敲诈样本,重大漏洞,其他安全事件等

美国政府披露安全漏洞的详细程序 

http://www.tomshardware.com/news/how-us-government-reveals-security-vulnerabilities,35938.html



漏洞聚焦: libxls 中的多个远程代码执行漏洞 

http://blog.talosintelligence.com/2017/11/vulnerability-spotlight-libxls.html

 

Amazon EchoGoogle Home易受BlueBorne攻击 

http://www.securityweek.com/amazon-echo-google-home-vulnerable-blueborne-attacks

 

黑客通过RDP潜入并传播勒索软件 

https://nakedsecurity.sophos.com/2017/11/15/ransomware-spreading-hackers-sneak-in-through-rdp/



垃圾邮件择取小说文本方式进行免杀传播下载赌博软件 

https://www.bleepingcomputer.com/news/security/spam-bots-bombards-victims-with-star-wars-quotes-and-links-to-gambling-apps/




开源Excel读取库libxls爆出7个远程代码执行漏洞CVE-2017-12108 

http://toutiao.secjia.com/libxls-rce

 

17MS Office缺陷让黑客无需用户交互即可安装恶意软件

https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html




网络间谍活动中滥用Windows控制面板链接

https://www.bleepingcomputer.com/news/security/windows-control-panel-links-abused-in-cyber-espionage-campaign/




AsiaHitGroup手机恶意软件伪装成Google Play上的合法应用程序

https://blog.malwarebytes.com/cybercrime/2017/11/new-trojan-malware-discovered-google-play/

 

无文件攻击解密

https://www.alienvault.com/blogs/security-essentials/busting-5-myths-about-fileless-attacks

 

Adobe 发布补丁

https://www.bleepingcomputer.com/news/security/adobe-patches-security-bugs-in-flash-player-and-eight-other-products/

 

Cookie脚本在浏览器挖矿

https://www.bleepingcomputer.com/news/security/cookie-consent-script-drops-in-browser-cryptocurrency-miner/




美国政府分享北韩使用的FALLCHILL恶意软件详情

http://www.securityweek.com/us-government-shares-details-north-korea-cyber-attacks

 

Coinhive 成为恶意软件最想要的

https://www.scmagazine.com/coinhive-cryptocurrency-miner-jumps-onto-check-points-most-wanted-malware-list/article/707206/

 

微软发布11月补丁,修复53个安全问题

https://www.bleepingcomputer.com/news/microsoft/microsoft-november-patch-tuesday-fixes-53-security-issues/

 

Ordinypt wiper 勒索目标德国企业

https://www.scmagazine.com/ordinypt-wiper-ransomware-poses-as-job-applicants/article/706774/

 

北韩黑客抨击比特币服务提供商的恶意软件攻击

https://themerkle.com/north-korean-hackers-ramp-up-malware-attacks-against-bitcoin-service-providers/

 

ICedID银行木马被发现

https://www.bleepingcomputer.com/news/security/new-icedid-banking-trojan-discovered/

 

LockCrypt 勒索软件通过爆破RDP传播

https://www.alienvault.com/blogs/labs-research/lockcrypt-ransomware-spreading-via-rdp-brute-force-attacks

 

ToastAmigo恶意软件使用新的攻击Toast Overlay 漏洞

https://www.scmagazine.com/toastamigo-malware-uses-new-twist-to-attack-toast-overlay-vulnerability/article/706640/



电脑管家V12.13

4大安全能力再升级

详情>>

版本更新:2018.3.20